The Acceleration Economy Analyst Network reacts to Analyst Predictions for 2022. In a roundtable discussion, Aaron Back is joined by analysts Kieron Allen, Frank Ohlhorst, Chris Hughes, and Wayne Sadin to talk through the future of cybersecurity culture and risk mitigation.
04:13 –There’s a massive ecosystem of software being consumed by people that are not maintaining a focus on security.
04:58 – As more organizations are increasingly moving to the cloud and using SaaS apps, they are leaning into CSP native services when it comes to continuous assurance and compliance. Now, we’re also seeing a distributed workforce that requires upskilling in terms of security for remote work.
05:53 – Digital shooting, savviness, and security knowledge need to be brought to the board room, as there is often a lack of security expertise on boards.
06:18 – Many technology consumers, at the customer level, question if they can trust organizations with their personal information and data. Continuous security practices are becoming an increasing customer demand. So, vendors are having to look at third-party attestations and certifications to assure customers of secure operations.
08:26 – In the past, companies have not been good at disclosure. When it comes to financials, company executives sign a statement claiming that financials are in order and if not, they will personally be going to jail. That doesn’t exist with cybersecurity.
09:11 – We tend to focus on nation or state-wide attacks with advanced hacks. However, many organizations tend to fail on the basics. While forward-thinking organizations secure cloud apps, for instance, they can miss the mark of in-depth security and being able to detect an attack.
10:17 – Wayne Sadin wrote an article covering 6 trends for boards to focus on. If boards don’t understand the basics, organizations will continue to get hacked.
11:12 – The hacker mentality isn’t to take the long road to breach an organization. They look for the most efficient way to breach and capture data.
11:40 – Organizations don’t always confidently know where their data is located, who has access to it, or about the entitlements around it.
“If you don’t know what you need to secure, how are you going to secure it?”
13:22 – Going back to securing the distributed workforce, the boundaries have moved so rather than having to just protect internal servers, you must protect everything within the office. Now, the distributed workforce is spread out that companies have to consider how to protect individual employees, such as implementing multi-factor authentication and passwordless technology.
14:23 – It all comes down to having a security culture within your organization and continually educating employees.
“You outsource your hardware, outsource your software, but don’t outsource your brains.”
15:17 – Organizations need to have a security architecture, a data architecture, and an applications architecture. How do organizations build an environment that enables the idea that perfect can’t be the enemy of good? Start with architecture on top, then move incrementally and build insurance towers to mitigate risks.